Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I am trying to protect my PHP files from direct access, but my problem is that i do not include them in my index. I use jquery load() or iframe, so basicly the php files in include folder don't have access or code from index.php. So i tried with define CONST, but of course didn't work... So basicly i have URL site.com/file witch i load in my index with jquery load as a pop up, but i don\t want if someone try to access it directly from browser to have access... Any idea how should i protect them?
Mike's answer works for regular users, but if you need to be sure that the user first loads the index page, you could do something like:
generate a token when user loads index.php
add token to session data
add token to jquery load as a query parameter (e.g. site.com/file?token=xxxx)
on file load, compare token passed as parameter to the one stored in session and clear the session, so it cannot reuse the token
This way, the user is required to load index.php before loading file.
It wouldn't prevent an advanced user from acessing the file page directly after having the token.
try this, first block limits access to ajax requests, second one checks referring url is mywebsite
if(!isset($_SERVER['HTTP_X_REQUESTED_WITH'])){
echo "<span class='error_msgh'>Error 1. Process Aborted.</span>";
die();
}elseif(!preg_match('/(www.mywebsite.com)/', $_SERVER['HTTP_REFERER'])){
echo "<span class='error_msgh'>Error 2. Process Aborted.</span>";
die();
}
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
I have an edit form with the url looking like localhost/edit-form/*code* The code is a random 16 long string. What I would like to do is when submitting the form, refresh the page showing the form again with the new values.
I have tried to redirect with an extra attribute like localhost/edit-form/*code*/message which returns an error saying page not found.
I have also tried something like localhost/edit-form/*code*?message=1 but message isnt available to get via $_GET.
My goal is just to have a div alert saying "form edited" after the page is refreshed.
Flash messages are usually stored in $_SESSION. You could create a custom method that...
Stores the message to the session.
Deletes the message from the session, as soon as it is displayed for the user.
You could then call the method in your template file as soon as the user is redirected to it.
After your operation you can store message is $_SESSION['mesaage']
If this variable is set then you can display the message. As an oddon you can store success and failure class in separate session variable and display with success or failure class.
Once text is displayed you can unset sessions.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm doing a web app with PHP in which users have different number of tabs in the menu depending on a certain number of things, one user can have one tab in the menu where another user has ten.
I've managed to dynamically generate the menu items but now I don't know how to create files (pages) where the user gets redirected once he presses on any of the menu tabs.
All these files look the same the only thing that changes are the text, just some strings.
Summing up, what I want to do is:
Generate and destroy files automatically when the user has to consult something
How to link the menu tabs (href) to them automatically
The best would be to use a PHP page as template you could call it.
Lets say for example a user is logged in and clicks the view data page (data.php)
on your link you could have something like this:
and in data.php:
<?php
$USER_ID = htmlspecialchars($_GET["id"])
//SQL Request to get user priviledge and authentificate
//OR
//Check the cookie session for information
if (user_priviledge == 0)
{
//
//Show only data for 0 users
//
}elseif (user_priviledge == 1) {
//
//Show only data for 1 users
//
}
?>
This may not be the solution you wanted but your question wasn't very clear either so if you need any other information make sure to bring more precision.
The condition which are using for tab use same condition to show page. But add that condition in your text.Because your text is changing not page I think.
I this this might help you.
since all files will look the same and only variables will change, you can create one php file and just send the necessary data when a user clicks on the tab to assign to the variables in that page. You do not need to keep on creating custom pages for each and every tab.
Provide some code which you have written for this so that we can help you further
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I just have one question. I looked through one book and the Internet and unfortunately didn't find an concrete answer. So... I have a webpage where user can log in. If the user is logged in then the bar at the top of webpage is different(user sees his own photo, name etc.). I know how to use sessions&databases in this case, but I don't know how to make this two different websites. I mean.... in the home site of my whole webpage i can write sth like (in php):
if(isset($_SESSION["User"])) ..... .
But what then? I should somehow hide the html for unlogged user in "else" and part for logged user in "if" or should i create a whole new site for logged in users and redirect to this site if user is logged...? Please, help me.
It seems that you need to spend a little time looking into PHP deeper. My advice would be to learn about including PHP files in order to create a template system (so you would have a base PHP file with the HTML/PHP that is on every page (like a master page) that would include the code:
if(isset($_SESSION["User"]))
{
// Do code for logged in user...
}
else
{
// Do code for generic user...
}
Although that is a really rudimentary example, you could have a global variable if you need things on specific pages too. If you have a more specific question about implementing it, feel free to ask.
one cool thing that you can do in PHP is include html "inline". eg:
if(isset($_SESSION["User"]))
{
?>
<p>Welcome User! <?php echo $_SESSION["User"]; ?></p>
<?php
}
else
{
?>
<p>Please login to see all features...</p>
<?php
} ?>
You should first set the session variable's value(eg. $_SESSION['logged_user_id']) to some value as per your website. Then assuming that you have only one page, you will have to include many php codes at the place you wanted to display user image, Hello xyzuser etc content. You will have to use "if/else" statements to check if the session variable for some user is set or not. If the session variable is set then it will be using the if block statements where you can write code to display image of the user corresponding to e.g. that logged_user_id using your db. Otherwise it will use the else part that will display your default content.
You will have to perform "if/else" checks at each place where your content has a chance to change based on the user status i.e. use the "if" statement to check if the user is logged in or not if no user is logged in then it won't go to the "if" block statements and execute the "else" part for default display. Ok.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Is there any way to generate webpages dynamically.for example I have a website called abc.com in which I have included a form with many fields.
When a user submit this form,I want a new webpage abc.com/xyz to be created.Wondering if this is possible.
Of course it's possible. Anything is possible in programming/development.
See the following PHP manual for a good tutorial: http://www.php.net/manual/en/domdocument.savehtmlfile.php
This is possible in variety of ways.
You can pass GET variables in URL (example.com/page?var1=1&var2=2) and use this variables to generate unique page by predefined template.
If you don't want to use variables in URL, you can POST them to page via form request or ajax call.
Alternatively you can use .htaccess configuration files to rewrite your URL and use url segments as variables (example.com/var1/var2), this is common approach in MVC systems, where first/second variables are class/method names.
So here's an example:
You have a page.php where form resides.
User fills a form and submits it.
Form goes trough AJAX call, submitting it to request.php page
request.php parses it and stores it in DB, generating unique id
AJAX event recieves from request.php a unique id and redirects user to review.php
with url (example.com/review/uniqueID) or (example.com/review.php?uniqueID)
review.php recieves uniqueId, get's info from DB by it and displays requested info
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I'm wondering which way is right to handle the errors in CodeIgniter and specifically the MVC pattern. I'm not talking about only sql errors, but lets say that you have user level-access control system and every level can access specific parts of the site.
What if somebody try to enter in a forbidden place for his level?
Or if you execute a controller based on some conditions and these conditions are not met?
Which is the best way to control the errors without confusing the end user which is browsing and using the application?
I'm wondering how you do it.
Do you use different views and controllers when an error occurs or something else?
You are asking 2 different things.
First one:
but what if you have a form which edits something, but according to user-level you cant edit.
You can achieve this but not showing the fields in the form nor updating the database if the user doesn't have permissions.
if ($user_has_permissions)
{
echo form_input('field_name');
echo form_input('field_name');
}
and when updating the row
if ($user_has_permissions)
{
$this->db->set('db_field_name', $field_name);
}
If you want to show an error message in form validation, use callbacks (callbaks in CodeIgniter).
Check if the user has permissions and show the message if hasn't.
Second one
Using die() is not an option, I just dont wanna crash my whole app
If you wan't to stop the execution without using die(), you have some other "friendlier" forms to do it:
show_404();
show_error();
show_error('Description of your error');
This will stop the execution and will show a fancy screen with the error description.
You could specify the user's access level in your database. If a user tries to access a forbidden place you could store some error in the userdata and display them in the view if its set.
The codeigniter session class documentation: http://ellislab.com/codeigniter/user-guide/libraries/sessions.html